1
0
mirror of https://github.com/golang/go synced 2024-11-21 21:14:47 -07:00

exp/ssh: use ClientConfig.rand() for publickey authentication

Closes TODO from 5373055

R=agl
CC=golang-dev
https://golang.org/cl/5375081
This commit is contained in:
Dave Cheney 2011-11-13 20:57:15 -05:00 committed by Adam Langley
parent 3ee171d174
commit 59a92cde3d

View File

@ -5,7 +5,6 @@
package ssh
import (
"crypto/rand"
"errors"
"io"
)
@ -28,7 +27,7 @@ func (c *ClientConn) authenticate(session []byte) error {
// then any untried methods suggested by the server.
tried, remain := make(map[string]bool), make(map[string]bool)
for auth := ClientAuth(new(noneAuth)); auth != nil; {
ok, methods, err := auth.auth(session, c.config.User, c.transport)
ok, methods, err := auth.auth(session, c.config.User, c.transport, c.config.rand())
if err != nil {
return err
}
@ -62,7 +61,7 @@ type ClientAuth interface {
// Returns true if authentication is successful.
// If authentication is not successful, a []string of alternative
// method names is returned.
auth(session []byte, user string, t *transport) (bool, []string, error)
auth(session []byte, user string, t *transport, rand io.Reader) (bool, []string, error)
// method returns the RFC 4252 method name.
method() string
@ -71,7 +70,7 @@ type ClientAuth interface {
// "none" authentication, RFC 4252 section 5.2.
type noneAuth int
func (n *noneAuth) auth(session []byte, user string, t *transport) (bool, []string, error) {
func (n *noneAuth) auth(session []byte, user string, t *transport, rand io.Reader) (bool, []string, error) {
if err := t.writePacket(marshal(msgUserAuthRequest, userAuthRequestMsg{
User: user,
Service: serviceSSH,
@ -104,7 +103,7 @@ type passwordAuth struct {
ClientPassword
}
func (p *passwordAuth) auth(session []byte, user string, t *transport) (bool, []string, error) {
func (p *passwordAuth) auth(session []byte, user string, t *transport, rand io.Reader) (bool, []string, error) {
type passwordAuthMsg struct {
User string
Service string
@ -174,7 +173,7 @@ type publickeyAuth struct {
ClientKeyring
}
func (p *publickeyAuth) auth(session []byte, user string, t *transport) (bool, []string, error) {
func (p *publickeyAuth) auth(session []byte, user string, t *transport, rand io.Reader) (bool, []string, error) {
type publickeyAuthMsg struct {
User string
Service string
@ -241,8 +240,7 @@ func (p *publickeyAuth) auth(session []byte, user string, t *transport) (bool, [
for i, key := range validKeys {
pubkey := serializePublickey(key)
algoname := algoName(key)
// TODO(dfc) use random source from the ClientConfig
sign, err := p.Sign(i, rand.Reader, buildDataSignedForAuth(session, userAuthRequestMsg{
sign, err := p.Sign(i, rand, buildDataSignedForAuth(session, userAuthRequestMsg{
User: user,
Service: serviceSSH,
Method: p.method(),